Mind the Gap: Where Provable Security and Real-World Messaging Don't Quite Meet

Katriel Cohn-Gordon and Cas Cremers

Abstract

Secure messaging apps have enjoyed huge uptake, and with the headline figure of one billion active WhatsApp users there has been a corresponding burst of academic research on the topic. One might therefore wonder: how far is the academic community from providing concrete, applicable guarantees about the apps that are currently in widespread use? We argue that there are still significant gaps between the security properties that users might expect from a communication app, and the security properties that have been formally proven. These gaps arise from dubious technical assumptions, tradeoffs in the name of reliability, or simply features out of scope of the analyses. We survey these gaps, and discuss where the academic community can contribute. In particular, we encourage more transparency about analyses' restrictions: the easier they are to understand, the easier they are to solve.

Category: Cryptographic protocols
Publication info: Preprint. MINOR revision.
Keywords: messaging, implementation, position
Contact author(s): me @ katriel co uk
Short URL: https://ia.cr/2017/982

CC BY

BibTeX

@misc{cryptoeprint:2017/982,
author = {Katriel Cohn-Gordon and Cas Cremers},
title = {Mind the Gap: Where Provable Security and Real-World Messaging Don't Quite Meet},
howpublished = {Cryptology ePrint Archive, Paper 2017/982},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/982}},
url = {https://eprint.iacr.org/2017/982}
}
